Information on processing of personal data

INFORMATION NOTE ON TREATMENT AND ON THE PROTECTION OF PERSONAL DATA

I.Premise

In the exercise of one's own
business activity reserve maximum attention to protection
and to the protection of personal data of all those who work with it or
interact (hereinafter referred to as " Interested " and / or " User "),
adopting for this purpose every suitable, adequate and necessary procedure and system of
safety.

Believing firmly in the
principles of transparency and correctness, this information is therefore provided
in order to provide all interested parties with a complete description about
the methods and purposes of the processing of personal data that comes
carried out in the provision of services and / or in the marketing of
own assets (hereafter for the sake of brevity and together with each other " Services "), and
this also in accordance with the provisions of Regulation (EU) no. 2016/679 in
subject of protection of individuals with regard to data processing
personal data, as well as the free circulation of such data (hereinafter referred to for the sake of brevity
" GDPR ").

II.
Owner and Manager of
data processing
personal

Holder of the processing of
personal data is , based in , recorded
at the Chamber of Commerce of to the number ,
with VAT number , contacted, for the purpose of this information,
at the e-mail address info@albergosperanza.it or at the phone number (of
followed for the sake of brevity " Holder of the Treatment ").

Data processing only
personal data provided to the Data Controller for the use of the Service
Booking Engine (hereinafter referred to as "
Web Booking ") will take place on behalf of
of the same Controller of the Treatment (in the role therefore of responsible of the
treatment pursuant to art. 28 of the GDPR) from the company Passepartout S.p.A.,
a company governed by San Marino law which predominantly operates in
production and distribution of software and related services, based in the
Republic of San Marino in Dogana (Cap 47891) in Via Consiglio dei Sessanta n.
99, registered with the Register of Companies under no. 6210 on 6 August 2010,
with Economic Operator Code n. SM03473, share capital euro 2,800,000 i.v.,
contacted, for the purpose of this information, at the e-mail address privacy@passepartout.sm or at the phone number
800 414243 (hereinafter also referred to as "
Passepartout " and / or "
Responsible
of the Treatment ").

Passepartout S.p.A. has
designed (i) as a representative in the European Union, pursuant to art. 27 of the GDPR, the company Paci Rappresentante Privacy Srl
registered at the Chamber of Commerce of Romagna, share capital euro 10,000.00, based in Rimini, in P.tta Gregorio da Rimini n. 1, contactable,
for the purposes of this statement, at the e-mail address passepartout@pacirappresentanteprivacy.eu or telephone number 0541 902128 (hereinafter referred to as "
Sales Representative "); as well as
(ii) a data protection officer (referred to in
Chapter IV, Section 4 of the GDPR) that can be contacted at the e-mail address rpd.privacy@passepartout.sm
or at the phone number 800 414243.

III.Personal data

For personal data yes
mean all information concerning an identified natural person
or identifiable by reference to elements such as the name,
the extremes of the identity document, the physical, physiological, genetic identity,
economic, cultural or social status of that person, as well as through the extremes
identifiers on its location.

Personal data as above
described above are mainly dealt with when the interested party makes use of the
Services and / or Web Booking.

The supply of all
other personal data is optional but may be necessary to be able to
use the Services and / or the Web Booking, like the data to make proposals,
buy or sell that are necessary to complete an operation
contractual.

Personal data are given
directly from the Interested and / or acquired automatically through i
devices when the Services and / or Web Booking are used, when they come
provided the data in a web form on our sites, when it is created and / or
updated an account or when the interested party contacts us in each other
manner or provide your personal data expressly and with your consent,
all as detailed below.

IV.
Type and category of data
treated

Personal data as above
described, and for the provision of the Web Booking, the Data Controller (e
for it the Data Processor) only collects the following
types.

Personal data collected
concern:

a)
identifying information as a name,
surname, date and place of birth, place of residence, social security number, lot number
VAT and address, iss code, telephone number, e-mail address (also by post
certified electronics), username, password, gender, or other data that we are
kept or authorized to collect and process, in accordance with the law
current, in order to authenticate or identify the User or to verify the
information provided and collected;

b)
IP address and navigation data and any other data
concerns the interaction of the User with the Services and / or the Web Booking, for example
when viewing or searching for content, you create or access the
own account and / or a reserved area. Data is also collected
relating to the devices and / or computers used by the User to access the
Services and / or Web Booking, including the type of browser, unique code of the
device, language, operating system, reference Web page, le
pages visited, location and information about cookies, data on your computer
and connection (for example, statistics on page views,
traffic in and out of the sites, URL of origin).

c)
data relating to offers, purchases or sales relating to
Services and / or Web Booking provided during a pre-contractual negotiation and the
its subsequent completion and any other data supplied with reference to such
operations;

d)
billing data (and any shipment)
of the Services and / or of the Web Booking;

e)
financial data taking into account that some Services and / or the Web
Booking support payments and transactions with third parties. To this end it could
it is necessary to provide certain data for identification and verification
the identity of the interested party and the means of payment used, such as
example the name, surname, credit / debit card number, date of
expiry of the card. Such data where collected by the Responsible of the
Treatment will only be saved in encrypted form. In some cases
to allow the User to speed up new and similar in the future
payment transactions, Passepartout could only store the last ones
four digits of the card number;

f)
geo location data, in particular through use
of mobile devices;

g)
cookies and similar technologies. In the provision of the Services and / or
of the Web Booking, cookies, unique identifiers and others are used
similar technologies to acquire data on pages and links visited and
other similar actions, within the advertising or e-mail contents, the
all in terms, according to the modalities and conditions foreseen in the
appropriate policy available at the following link:
https://www.passepartout.net/utility/cookie;

h)Treatment of special categories of personal data
(cd "sensitive data")

They are not collected in any way and therefore are not treated, categories
details of personal data such as data revealing the origin
racial or ethnic, political opinions, religious beliefs or
philosophical, or union membership, as well as processing genetic data, data
biometrics designed to uniquely identify a natural person, data
relating to the health or sex life or sexual orientation of
person.

V.
Purpose and modality of the
data processing

Data processing
personal data collected only and exclusively for the following purposes:

a)
execute contracts related to the Services and / or the Web
Booking.

Through
the information and data communicated, we are able to execute the
activities and contractual services provided for in the Services contracts and / or
from the Web Booking requested by the Interested Party (also in the name and / or on behalf of
third parties) or to carry out referable pre-contractual measures and / or negotiations
the same Services and / or Web Booking, including administrative activities
and accounting, management of tax obligations, payments and invoicing.

The information collected will also be used to contact the User in relation to his / her account or in any case regarding his / her contractual position, solve problems in the account and / or reserved area, resolve a dispute, carry out debt collection activities.

Personal data may also be processed to verify and resolve any anomalies in the functioning of the Services and / or Web Booking; to perform data analysis and testing, to conduct research and investigations and to develop new features services in order to provide the user with an ever better experience.

b)Offer security and protection to both personal data received and security systems adopted.

The collected data are also used to verify the identity and authenticate Users, allow to make and / or receive payments, protect against possible frauds and / or abuse, respond to a request or a complaint, perform checks, to prevent, detect mitigating and / or ascertaining security breaches and / or activities that are even potentially prohibited, illegal and / or illegal.

c)Communicate with the interested party.

The data could be used to contact the User for the purposes contained in this information and in the cases provided by law. The contact and communication could be via e-mail (also with certified e-mail), telephone, SMS, paper mail, push notifications on mobile devices.

We may use your information to send service communications and / or respond to your requests, to offer discounts and special promotions, to get to know your opinions via surveys or questionnaires.

d)Perform marketing activities.

With the express and specific consent of the User to be expressed according to the modalities specifically indicated from time to time, we may use the User's information to promote new products or services to which it might be interested, carry out marketing activities through telephone calls, and -mail (also with certified e-mail) or SMS, via paper mail, notifications push on mobile devices, as well as through third parties specifically charged.

In any case, the User may revoke the express consent on marketing activities by following the appropriate instructions included in the same tools used (eg newsletter, e-mail etc.) or by sending an email toinfo@albergosperanza.it.

The processing of personal data collected will be lawful and correct in accordance with the rules of the GDPR, using manual or automated systems that allow you to store, manage and transmit (both in paper and electronic format) the same data only for the purposes indicated in this information.

Only duly authorized personnel can access the personal data collected.

VI.legal basis of data processing

The legal bases by which we process the personal data of the interested party may be different, namely:

a)
contracts established or to be established (with the
interested parties) to use the Services; as well as

b)
the consent of the interested party. This consent
it may be revoked according to the terms and according to the methods indicated in the following
section
X
,
lett.
a);

c)
our legitimate interests [with respect to which it is possible
propose opposition pursuant to the following paragraph
X
,
lett.
a)
],
752/5000
for example, by understanding the interest: to prevent fraud; to carry out direct marketing activities, improvement, customization and development of the Services; to carry out the marketing of new services or products that could be of interest to the User; to carry out the promotion of security and data protection; to carry out the processing of data within a group of companies or entities connected for internal administrative purposes, without prejudice to the general principles and regulatory requirements for the transfer of personal data within an entrepreneurial group also towards an enterprise located in a Third Country (for this reason a country is not
belonging to the European Union).

The processing of personal data relating to traffic is also a legitimate interest, to the extent strictly necessary and proportionate to ensure network and information security, meaning the ability of a network or information system to resist, to a given security level, unforeseen events or illicit or malicious acts that compromise the availability, authenticity, integrity and confidentiality of personal data stored or transmitted and the security of the related services offered or made accessible through such networks.

d)Data collected from third parties or through other sources;

We may collect additional personal data or integrate those already in our possession with other data and information collected by third parties (for example our suppliers or business partners), also using data and information in the public domain, information collected through appropriate databases or further information contact details, credit verification data and information relating to the solvency provided by the offices in charge, in compliance with current legislation.

We may also collect data through the social media used by the User. In fact, where the User links his / her account to the respective social media site, these social media may authorize us to automatically access certain data in their possession. With this possibility, the interested party provides us with express access to sites with the various contents provided for therein.

VII.Data Processor

As already anticipated in the previous ParagraphII, the processing of the personal data provided to the Data Controller for use of the Web Booking will be made by Passepartout, a company that owns the software program concerning the Web Booking and licensed for use to the Data Controller.

This processing of data will take place in accordance with the terms and conditions of the contract between the Data Controller and the Data Processor and in any case in full compliance with the provisions of this information sheet (hereinafter referred to as " Holder Agreement - Responsible for processing ").

Passepartout will process and store personal data collected on the servers at its disposal (also in the Republic of San Marino). In this regard, it should be noted that in the regulation of the Holder-Processor Agreement (recependole integrally) the guarantees required by the GDPR (ex art.46) were taken into account for the transfer of personal data to countries outside the European Union.

VIII.How to share information with third parties

The personal data provided may be shared with third parties only in the following cases:

a)Consent of the interested party:

The interested party may authorize us to share (or disclose) his / her data with (and to) other third parties, for example where you use our community (such as forums or other social media) or where he has expressed his intention to be contacted and / o contacted for any need or clarification regarding the Services.

b)Treatment by external entities:

Personal data may be provided to affiliated entities and / or affiliated to our company, to service providers and / or business partners who treat them according to instructions from us (ie partners providing customer support services, information technology, payment management and / or sales, marketing, data analysis, and research and investigation).

.suppliers of websites, applications, services and tools with which we collaborate for the provision of the Services and / or Web Booking.

c)Justice, legal and / or protection requirements.

We may retain or disclose personal data where necessary to meet the needs of justice, for example because requested by an administrative authority, a supervisory and / or supervisory authority or in the context of a judicial proceeding or, in any case, in compliance with provisions law, or in any case for the exercise of legal rights or for defense against complaints and / or legal actions or to prevent, detect or investigate illegal activities, frauds, abuses, violations of subjective legal positions or where there are even potential threats to the security of the Web Booking or to the physical security of any person.

IX.Data retention period

The retention period of personal data is determined (or determinable) depending on the purpose or the legal basis under which the processing should take place.

The personal data to execute the contract that has as object, inter alia, the Web Booking, will be retained for the time necessary to properly and fully perform the services provided in the contract itself (including those closely connected and connected to its termination) and in any case for a period of time not exceeding n. 10 (ten) years from the termination of the Web Booking.

Personal data processed for marketing and commercial purposes will be retained until such time as the interested party has not expressed the intention to withdraw consent for this purpose.

It remains the case in which the interested party has expressly expressed, even for different reasons, the consent for a longer period (in which case the retention period will correspond to that allowed) or if one has to satisfy one's legitimate interests as identified above ( in which case the retention period will correspond to that in which such interest is satisfied).

It also remains the case where the greater (or lesser) retention of data must be carried out to meet the needs of justice, for example to comply with a request from the administrative authority, supervisory and / or supervisory authority or for the exercise and / o for the protection (by judicial and / or extrajudicial) of their rights or to exercise their defense against complaints and / or legal actions.

Once the retention period is over, your personal data will be removed safely.

X.The rights of the interested party

All the interested parties to whom the personal data processed refer, in accordance with the terms and methods established by the GDPR, may exercise the rights described below.

a)
Right of access, rectification and deletion of data,
limitation and opposition to the use of data and right of withdrawal of consent.

Except as provided for above in terms of conservation, the interested party may at any time obtain access to their personal data, as well as obtaining the update, modification, limitation of processing or request cancellation.

If you choose to delete the data, please note that although most of the information stored will be deleted within 60 (sixty) days, it may take up to 180 (one hundred and eighty) days to delete all data entered into our systems due to dimensions or complexity of the systems and procedures used.

Where the processing of data is based on the consent issued by the Data Subject, this consent may be revoked at any time. Therefore, we can always oppose the sending of newsletters and the processing of data for all or only some of the marketing or commercial purposes.

The data subject may also object to the processing of data even if made with respect to our legitimate interests.

If you are asked to withdraw your consent, to limit the use of the data or to delete the previously provided personal data, we may no longer be able to provide the Services.

In any case, requests for cancellation of data are subject to current legal requirements and to the conservation of documents required by law or regulation.

b)Right to portability

The Data Subject has the right to receive personal data concerning him / her provided to a data controller in a structured, commonly used and readable form by automatic device and has the right to transmit such data to another data controller.

c)Right to propose a complaint

The interested party will always have the right to lodge a complaint with the competent Supervisory Authority, where he finds problems concerning the use of his personal data.

d)Automated decision-making process

Automated technologies are used for decision making or profiling. In any case, automated decisions will not be taken on the interested party that could have significant consequences for him, except in circumstances in which such decision is necessary to execute a contract or because the User has expressly given his consent.

The exercise of the rights described above may be requested by the Interested party via communication to the e-mail address:info@albergosperanza.it.

XI.Security measures

It ensures the implementation and maintenance of appropriate technical and organizational measures to ensure a level of safety appropriate to every possible risk, also constantly carrying out a series of technical, administrative and physical checks to keep the personal data of the interested party confidential and secure

XII.Completeness and modifications

This privacy statement is issued to complete and complete replacement of any other regulation that may exist before today in terms of protection of the personal data of the User treated for the same purposes contained herein.

Flexible date

You are looking for availability for this promotion:

Welcome to the reservation site of

Choose the booking period and click the 'Search' to see the rooms available in our hotel .